| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 1999-07-05 | remove bogus entry from if_enc address list; and rename enc_softc to encif | Theo de Raadt | |
| 1999-05-16 | spltdb introduced, protection for tdb lists and related structures, so | Niklas Hallqvist | |
| they won't disappear behind our back by an expiration. Cleanup expiration logic too. | |||
| 1999-05-14 | A new scalable IPsec SA expiration model. | Niklas Hallqvist | |
| 1999-04-11 | Introduce net.inet.{ah,esp}.enable sysctl controls that are off by default. | Niklas Hallqvist | |
| If you are going to use either of AH or ESP or both, enable these in /etc/sysctl.conf. Also correct the IPSec debugging sysctl code, it is now named net.inet.ip.encdebug. Some corrected function signatures too. | |||
| 1999-04-09 | Make the tdbi handling more robust, removes a panic case | Niklas Hallqvist | |
| 1999-03-27 | add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing | Niels Provos | |
| SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company. | |||
| 1999-02-24 | Update copyright; remove a few annoying debugging printfs. | Angelos D. Keromytis | |
| Btw, OpenBSD hit 25000 commits a couple commits ago. | |||
| 1999-02-24 | Remove encap.h include; saner debugging printfs; fix buglets; work with | Angelos D. Keromytis | |
| pfkeyv2. | |||
| 1998-06-10 | make the packets which were successfully processed by IPSec available to | Niels Provos | |
| bpf via the enc0 interface, using linktype DLT_ENC. | |||
| 1998-05-24 | avoid source address spoofing for mutual hostile hosts which have SAs to | Niels Provos | |
| us, reported by Craig Metz <cmetz@inner.net>. | |||
| 1998-05-18 | first step to the setsockopt/getsockopt interface as described in | Niels Provos | |
| draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy. | |||
| 1997-11-04 | make it easier to add additional transforms. add blowfish and cast | Niels Provos | |
| encryption. some more info for kernfs/ipsec. | |||
| 1997-10-02 | conditional error logging | Theo de Raadt | |
| 1997-09-28 | log() needs a \n | Theo de Raadt | |
| 1997-07-27 | expiration messages, fixes, updates, all sorts of things | Niklas Hallqvist | |
| 1997-07-18 | enablespi/disablespi in encap + print spi's in hostorder | Niels Provos | |
| 1997-07-11 | put old esp/ah and new esp/ah in different files. | Niels Provos | |
| generalised way of handling transforms. | |||
| 1997-07-01 | major restructuring | Niels Provos | |
| 1997-06-25 | hard and soft limits for SPI's per absolute timer, relative since establish, | Niels Provos | |
| relative since first use timers, packet and byte counters. notify key mgmt on soft limits. key mgmt can now specify limits. new encap messages: EMT_RESERVESPI, EMT_ENABLESPI, EMT_DISABLESPI | |||
| 1997-06-24 | handle IP options in AH + allow IP options in outgoing encapsulated packets | Niels Provos | |
| + usage counters for later use with keymanagement processes | |||
| 1997-06-20 | ah-sha1 + esp-3des + indentation | Niels Provos | |
| 1997-02-26 | I/O packet counters for IP-in-IP and AH. | Angelos D. Keromytis | |
| 1997-02-24 | OpenBSD tags + some prototyping police | Niklas Hallqvist | |
| 1997-02-20 | IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in | Theo de Raadt | |
| Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |